Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(428)

Issue 180091: Fix URI resolution and extract javascript URLs. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
16 years, 6 months ago by MikeSamuel
Modified:
16 years, 6 months ago
Reviewers:
Jasvir
CC:
google-caja-discuss_googlegroups.com
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

Prior, we resolved URIs in HTML inconsistently. We completely ignored <base href> URIs, and instead got the URI from the FilePosition. This is problematic for content parsed without debugging on. This CL does not entirely address that problem but adds a pass so that when the base URI is known, we correctly apply it. This change also consolidates code that finds and parses embedded content: styles and scripts in HTML. A following CL will have to thread the base URI reliably through from our external APIs. That will require coordination with clients, so is out of scope for this change. Submitted @3931

Patch Set 1 #

Patch Set 2 : Fix URI resolution and extract javascript URLs. #

Patch Set 3 : Issue 1180: Fix URI resolution and extract javascript URLs. #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+1365 lines, -819 lines) Patch
M src/com/google/caja/ancillary/servlet/CajaWebToolsServlet.java View 1 2 3 chunks +7 lines, -3 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/Content.java View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
D src/com/google/caja/ancillary/servlet/ContentType.java View 1 2 1 chunk +0 lines, -127 lines 0 comments Download
A + src/com/google/caja/ancillary/servlet/GuessContentType.java View 1 2 1 chunk +4 lines, -46 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/IndexPage.java View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/Input.java View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/Job.java View 1 2 2 chunks +18 lines, -12 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/Processor.java View 1 2 13 chunks +50 lines, -88 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/Request.java View 1 2 2 chunks +2 lines, -1 line 0 comments Download
M src/com/google/caja/ancillary/servlet/StaticFiles.java View 1 2 3 chunks +3 lines, -2 lines 0 comments Download
M src/com/google/caja/ancillary/servlet/UriFetcher.java View 1 2 2 chunks +2 lines, -1 line 0 comments Download
M src/com/google/caja/lexer/CharProducer.java View 1 2 2 chunks +6 lines, -1 line 0 comments Download
M src/com/google/caja/lexer/DecodingCharProducer.java View 2 1 chunk +2 lines, -0 lines 0 comments Download
A src/com/google/caja/lexer/UriDecoder.java View 1 1 chunk +136 lines, -0 lines 0 comments Download
M src/com/google/caja/lexer/escaping/UriUtil.java View 1 2 4 chunks +24 lines, -1 line 2 comments Download
M src/com/google/caja/parser/css/CssParser.java View 1 2 13 chunks +15 lines, -13 lines 0 comments Download
M src/com/google/caja/parser/html/AttribKey.java View 1 2 1 chunk +6 lines, -0 lines 0 comments Download
M src/com/google/caja/parser/html/ElKey.java View 1 2 1 chunk +5 lines, -0 lines 0 comments Download
M src/com/google/caja/parser/js/Block.java View 1 2 1 chunk +3 lines, -1 line 0 comments Download
M src/com/google/caja/plugin/PluginCompiler.java View 1 2 2 chunks +3 lines, -1 line 0 comments Download
A src/com/google/caja/plugin/stages/EmbeddedContent.java View 1 1 chunk +120 lines, -0 lines 0 comments Download
A src/com/google/caja/plugin/stages/HtmlEmbeddedContentFinder.java View 1 1 chunk +418 lines, -0 lines 0 comments Download
A src/com/google/caja/plugin/stages/ResolveUriStage.java View 1 chunk +140 lines, -0 lines 0 comments Download
M src/com/google/caja/plugin/stages/RewriteHtmlStage.java View 1 2 5 chunks +108 lines, -329 lines 0 comments Download
M src/com/google/caja/plugin/templates/HtmlAttributeRewriter.java View 2 11 chunks +81 lines, -108 lines 0 comments Download
M src/com/google/caja/plugin/templates/SafeHtmlMaker.java View 2 4 chunks +5 lines, -5 lines 0 comments Download
M src/com/google/caja/plugin/templates/TemplateCompiler.java View 2 4 chunks +18 lines, -6 lines 0 comments Download
A + src/com/google/caja/util/ContentType.java View 1 2 4 chunks +12 lines, -66 lines 0 comments Download
M tests/com/google/caja/ancillary/servlet/ZipFileSystemTest.java View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M tests/com/google/caja/lexer/CharProducerTest.java View 1 2 1 chunk +36 lines, -0 lines 0 comments Download
M tests/com/google/caja/opensocial/example-rewritten.xml View 1 2 1 chunk +1 line, -1 line 0 comments Download
M tests/com/google/caja/plugin/domita_test_untrusted.html View 1 2 1 chunk +7 lines, -4 lines 0 comments Download
A tests/com/google/caja/plugin/stages/ResolveUriStageTest.java View 1 chunk +97 lines, -0 lines 0 comments Download
M tests/com/google/caja/plugin/stages/RewriteHtmlStageTest.java View 1 2 3 chunks +5 lines, -3 lines 0 comments Download
M tests/com/google/caja/plugin/templates/TemplateCompilerTest.java View 2 1 chunk +24 lines, -0 lines 0 comments Download

Messages

Total messages: 3
MikeSamuel
16 years, 6 months ago (2009-12-19 00:24:59 UTC) #1
Jasvir
LGTM http://codereview.appspot.com/180091/diff/63/1049 File src/com/google/caja/lexer/escaping/UriUtil.java (right): http://codereview.appspot.com/180091/diff/63/1049#newcode125 src/com/google/caja/lexer/escaping/UriUtil.java:125: // implementation instead. What is the bug in ...
16 years, 6 months ago (2009-12-22 23:44:06 UTC) #2
MikeSamuel
16 years, 6 months ago (2009-12-24 07:08:39 UTC) #3
http://codereview.appspot.com/180091/diff/63/1049
File src/com/google/caja/lexer/escaping/UriUtil.java (right):

http://codereview.appspot.com/180091/diff/63/1049#newcode125
src/com/google/caja/lexer/escaping/UriUtil.java:125: // implementation instead.
On 2009/12/22 23:44:06, jasvir wrote:
> What is the bug in java.net.URI?  The result below looks correct to me.  The
> spec suggests that after resolving the URI if any ".." remain in the path, the
> UA can choose to treat it is part of the final URI or not traverse it etc.

From http://www.ietf.org/rfc/rfc3986.txt

A.  If the input buffer begins with a prefix of "../" or "./",
           then remove that prefix from the input buffer; otherwise,
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b